CN112261020A - Distributed remote outsourcing data auditing system and method - Google Patents

Distributed remote outsourcing data auditing system and method Download PDF

Info

Publication number
CN112261020A
CN112261020A CN202011102464.5A CN202011102464A CN112261020A CN 112261020 A CN112261020 A CN 112261020A CN 202011102464 A CN202011102464 A CN 202011102464A CN 112261020 A CN112261020 A CN 112261020A
Authority
CN
China
Prior art keywords
data
audit
service provider
cloud service
contract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011102464.5A
Other languages
Chinese (zh)
Other versions
CN112261020B (en
Inventor
文义红
范宽
史闻博
王士成
李峰
赵建伟
陈金勇
徐小刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 54 Research Institute
Original Assignee
CETC 54 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 54 Research Institute filed Critical CETC 54 Research Institute
Priority to CN202011102464.5A priority Critical patent/CN112261020B/en
Publication of CN112261020A publication Critical patent/CN112261020A/en
Application granted granted Critical
Publication of CN112261020B publication Critical patent/CN112261020B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a distributed remote outsourcing data auditing system and method, and belongs to the technical field of network security. The invention writes the core auditing algorithm into the remote outsourcing data of an Ether intelligent contract auditing data owner, and simultaneously ensures the integrity and privacy of the remote outsourcing data by using the random value, the delay function, the BLS signature and the bilinear pairing technology of the latest block in a block chain. Aiming at the condition that the CSP can randomly delete the low-access-frequency remote outsourcing data block, the method uses the PPS method to extract the challenge data block, and improves the probability of extracting the medium-access low-access-frequency data block. The invention designs a guarantee fund mechanism, saves the guarantee fund of DO, users and CSP by using an intelligent contract, realizes paid design and can punish entities initiating malicious behaviors.

Description

Distributed remote outsourcing data auditing system and method
Technical Field
The invention relates to the technical field of network security, in particular to a distributed remote outsourcing data auditing system and method.
Background
The problem of data security storage has become a major problem restricting the development of cloud storage services. Although storage security technologies continue to develop, remote outsourced data stored by users in a cloud platform still faces threats of destroyed integrity and correctness. When users outsource a large amount of data to the cloud platform and delete the local copy, they expect that the outsourced data can be accessed and updated without limitation of space and time, and also expect that the cloud platform can provide security for their data. However, due to the threat of incomplete and incorrect storage of data, users prefer to spend a large amount of funds on building own private data storage centers, and also prefer to store data on time-saving, money-saving and labor-saving cloud storage service platforms. Users who have to use the cloud storage service also refuse to store data with high privacy in the cloud server. Therefore, if the storage security problem of remote outsourcing data in the cloud environment is not solved, more and more users refuse the cloud storage service, and the development of the cloud storage service is hindered.
The remote outsourced data auditing technology mainly adopts a 'challenge response' mechanism to audit the integrity and correctness of data. The mechanism has the main ideas that before the user uploads data to a cloud storage server, the data are processed in a blocking mode, homomorphic verifiable signatures are generated for each data block, and outsourced data block sets and homomorphic verifiable signature sets of the outsourced data block sets are packaged and sent to a cloud storage service platform. A user entrusts a Third Party Auditor (TPA) to randomly select a plurality of outsourcing data block labels as challenge data periodically to initiate an audit request to a Cloud Service Provider (CSP), the CSP can verify a signature according to the challenge data blocks and homomorphism of the challenge data blocks and calculate an aggregation evidence to be returned to the TPA, and the TPA can know whether the challenged remote outsourcing data blocks are completely and correctly stored in a cloud storage server or not through the received aggregation evidence. Remote outsourced data auditing techniques still face the security issues raised by centralized auditing and the efficiency issues raised by challenging data block randomization.
The remote outsourcing data auditing mechanism usually assumes that the TPA is a 'honest' entity, verifies the integrity and the correctness of the remote outsourcing data according to auditing rules, and belongs to centralized auditing. However, centralized auditing suffers from the following problems: firstly, a completely honest entity is difficult to find in real life as TPA to complete auditing, and centralized auditing is difficult to realize; secondly, the 'semi-honest' TPA is easy to collude the user or the CSP initiates collusion attack, i.e., \ 35820the CSP does not completely and correctly store data, or provides wrong audit results for the user; thirdly, the TPA can launch privacy attack to the remote outsourcing data of the user, and the remote outsourcing data is snooped through the aggregated evidence; finally, centralized auditing can place computational pressure on the TPA, especially causing auditing delays when auditing tasks suddenly surge. The centralized auditing problem is a major challenge faced by remote outsourced data auditing mechanisms. In addition, at present, a plurality of audit protocols lay a good foundation for further research of remote outsourcing data audit protocols in a cloud storage environment. However, the protocols use a simple random sampling method to extract the challenge data block, and do not concern the problem of how to select the challenge data block to improve the auditing efficiency. Usually, the data blocks are characterized by access frequency, and the CSP may delete data blocks with low access frequency in order to save memory space or to improve economic efficiency. The simple random sampling method extracts units in a sample in an equal probability mode, but the sampling mode is not beneficial to extracting low-access-frequency data blocks, and the auditing efficiency is influenced. Therefore, the efficiency problem caused by randomly extracting the challenge data block is also a main challenge problem faced by the remote outsourced data auditing mechanism.
Disclosure of Invention
In view of the above, the invention provides a distributed remote outsourcing data auditing system and method, which provide a new public auditing protocol according to the characteristics of an Ether house intelligent contract and based on Proportional Probability Sampling (PPS) according to the scale, the protocol can not only realize distributed auditing, but also improve the probability of extracting a medium-low access frequency data block, and can resist common replay attack, forgery attack and substitution attack in the auditing process, thereby meeting the safety requirement of public auditing.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
a distributed remote outsourcing data auditing system is realized based on an Ether house and comprises a data owner, a cloud service provider, a user and an auditing contract; wherein:
the data owner extracts the challenge data block by using an unequal probability sampling method based on a probability proportional scale sampling method, and improves the probability of extracting the data block with the medium and low access frequencies, wherein in the preprocessing stage of the probability proportional scale sampling method, the data owner sorts the data block according to the access frequency of the data block, and a new data set containing the access frequency of the data block and the logic ID is generated; when a data owner prepares to transmit outsourced data to the cloud service provider through the Internet, firstly, the data owner divides the outsourced data into blocks to obtain a data block set, calculates homomorphic verifiable signatures of each data block, and sends the data block set and the homomorphic verifiable signature set to the cloud service provider after calculation is finished; secondly, the data owner initiates a transaction, and an audit contract is initialized by using an audit period, the number of challenge data blocks, the address of a cloud service provider and a public key of the data owner as parameters;
the cloud service provider stores a data set sent by a data owner, then regularly scans an audit contract according to an agreed audit period, if a new audit task is found, the cloud service provider informs the data owner to extract a plurality of data block IDs in a new data set by using a probability proportional scale sampling method and push the data block IDs to the audit contract, and after the ID is taken by the audit contract, challenge data is generated and sent to the cloud service provider; after receiving the challenge data, the cloud service provider calculates an aggregation evidence and invokes an auditing algorithm in a contract to verify the aggregation evidence; finally, the audit result is written into the block chain for people to look up;
when a user wants to read remote outsourced data of a data owner, the user must firstly obtain access authority granted by the data owner, and then interact with a cloud service provider to obtain target data; in order to ensure the practicability and fairness of audit, a data owner, a cloud service provider and a user all need to place a certain amount of guarantee fund in an audit contract, wherein the guarantee fund is used for paying service cost or punishing an entity with malicious behavior in a mechanism.
A distributed remote outsourcing data auditing method applied to the system as described above, comprising the steps of:
s1, initializing parameters: the data owner selects a random key pair { ssk, spk }, random numbers α and u, where α ∈ ZpG and u ∈ G1The private key sk of the data owner is { α, ssk }, and the public key pk is { g, u, v, spk }, where v is gα,v∈G2,G1And G2Two multiplication cyclic groups with prime order p, G is the generator of G1, e is G1 XG 1 → G2 is bilinear pairwise mapping, Z ispIs a set of non-negative integers less than p, H (·) {0,1}*→G1Is mapped to G1A secure hash function of (c), h (-) G1→ZpIs a one-time hash function;
s2, auditing pretreatment: the data owner divides a data set M outsourced to the cloud server into n data blocks M ═ Mi}i∈[1,n](ii) a Preprocessing a data set, mainly dividing the data set into two parts, wherein the first part is to extract the ID and the access interval time of a data block, sort the data block according to the access interval time and keep the data block to the local; the second part is to generate an accumulation table according to the access interval time of the data block to prepare for sampling by a probability proportional scale sampling method; after the data set preprocessing is completed, the data owner calculates a homomorphic verifiable signature for each data block using the private key α:
Figure BDA0002725850290000031
obtaining a homomorphic verifiable signature set Φ ═ σi}i∈[1,n](ii) a After a data owner sends data { M, phi } to a cloud service provider, an audit parameter { CSPAddr, StorTime, AudInterval, ChalNum, pk } is integrated, a transaction triggering audit contract is generated, a data owner object in the contract is initialized, wherein CSPAddr is the address of a data owner remote outsourcing data server, StorTime is the time for storing remote outsourcing data, AudInterval is an audit period, a specific audit time point can be calculated according to StortTime and AudInterval contract, the remote outsourcing data are automatically audited regularly, ChalNum is the number of challenge data blocks, and pk is a data owner public key;
s3, initializing a data owner object in an audit contract: triggered by the data owner, the contract can accept and store the deposit; the data owner sends related parameters and a certain amount of electronic money to trigger the initialization process;
s4, initializing a cloud service provider object in an audit contract: triggered by the cloud service provider, storing the deposit sent by the cloud service provider into the corresponding object account;
s5, generating an audit challenge: the method comprises the following steps that a data owner receives an audit request initiated by a cloud service provider, and then samples and extracts a specific number of data block IDs by using a probability proportional scale sampling method, so that a challenge data block ID set is generated; and the second part is that after the data owner generates the challenge data block ID set, the corresponding method in the audit contract is triggered, and the corresponding data owner in the audit contract is searched according to the address of the data ownerThe method comprises the steps that an object obtains an attribute value of the object, whether current time is accurate audit time or not is checked, whether a cloud service provider address triggering a contract is a correct cloud server address or not, whether a current audit task state is a suspended state or not and whether a random number seed is legal or not are checked, and if all the check results are legal, an audit contract uses a pseudo-random number generator to generate an audit challenge chal { (i, o) for a data owner objecti) Where i denotes the challenge data block id, oiRepresenting a corresponding random value;
s6, generating a polymerization evidence: cloud service provider receives audit challenge chal { (i, o)i) Finding a data block and a homomorphic verifiable signature corresponding to the audit challenge, and calculating an aggregation evidence; in order to ensure the privacy of the data block, the cloud service provider selects a random number l to belong to ZpCalculating random number evidence Rand ═ wl=(uα)l,Rand∈G1Linear features for breaking evidence of data, furthermore, cloud service provider uses (Rand, l, o)i,mi) Calculating data evidence mu ═ sigmachaloi·mi+ l.h (rand), calculating the signature evidence
Figure BDA0002725850290000041
And hashed evidence
Figure BDA0002725850290000042
Finally, the cloud service provider sends the aggregated evidence
Figure BDA0002725850290000043
Triggering an audit contract to finish auditing;
s7, auditing the aggregation evidence: in the periodic audit, judging whether the address of a cloud service provider triggering the contract is a server address stored in a data owner object, if the address is a correct address, adding 1 to the number of audit tasks in the data owner object, then calculating the property by utilizing bilinearity, judging whether the left end and the right end of an audit equation are equal, indicating that the audit is successful, changing the current audit state in the data owner object into success, and deducting a certain amount of guarantee money of a data owner account to be paid to the cloud service provider as storage cost; otherwise, the cloud service provider does not correctly store the remote outsourcing data, the current audit state of the object of the data owner is changed into exception by the algorithm, and a certain amount of guarantee money of the account of the cloud service provider is deducted to the data owner;
in non-periodic audit, obtaining a user object U according to a user address, checking whether a cloud service provider address triggering a contract is a cloud service provider address of data which the U wants to read, and checking whether a data owner address which is stored in the U and grants an access right is a data owner address in an algorithm parameter; if the check is legal, auditing the remote outsourcing data block read by the user successfully, deducting a certain amount of guarantee money in the user to pay to a cloud service provider and a data owner as storage and data cost, and deducting a certain amount of guarantee money from the cloud service provider to a U and the data owner if the audit fails; finally, issuing the audit result to a block chain to realize transparent audit;
s8, access authorization: data owner uses user unique identifier nameuserCalculate its access tag Tuname=nameuser||ssigssk(nameuser) And will TunameSending the data to a user and a cloud service provider to show that the user is granted remote outsourcing data access authority;
s9, initializing user objects in the audit contract: the object is used for storing a certain amount of guarantee money of the user, paying the guarantee money to a data owner and a cloud service provider as service cost, or defending the malicious behavior of the user as a punishment means;
s10, generating an aggregation evidence of the user about the request data: after receiving a user data reading owner remote outsourcing data request and corresponding challenge information, the cloud service provider verifies the user access authority, and if the user access authority passes the verification, the cloud service provider calculates an aggregation evidence proof according to the challenge datauThe concrete process of calculating evidence is the same as step (7), and proof is sentuAnd triggering an Auditing _ SmartCon method in an audit contract to audit the aggregation evidence.
Further, the generation method of the accumulation table in step S2 is:
counting the access interval time of each data block according to a fixed step length fintervThe minimum value f of all access interval timesminTo a maximum value fmazIs divided into a plurality of segments; for each segment, calculating the accumulated sum of all the interval times; for the first segment, the accumulation range is the range from the starting time to the accumulation sum time, and for the next segment, the accumulation range is the range from the accumulation sum time of the previous segment to the accumulation sum time of the current segment, wherein the accumulation sum time of the previous segment is + 1; thus, an accumulation table T containing correspondence of segment, accumulation sum and accumulation range is generatedcum
Further, in step S5, the specific way of sampling and extracting a specific number of data block IDs by using the probabilistic proportional scale sampling method is as follows:
setting two positive integers n and m, and using probability proportional scale sampling method to obtain the result from the accumulation table TcumExtracting n segments as primary sample samples; then all data block IDs corresponding to the n segments are found in the relation table, and m data block IDs are extracted from the data block IDs by using a random sampling method to serve as challenge data blocks.
Further, in step S7, the data owner determines the guaranteed amount of money to be deposited in the contract according to the size of the data set to be outsourced to the cloud service provider, the outsourcing time, and the audit price; the cloud service provider determines the guaranteed amount deposited into the contract according to the guaranteed amount of the data owner; the user determines the guaranteed amount of money deposited in the contract according to the read remote outsourcing data quantity and the service prices of the cloud service provider and the data owner;
the cloud service provider sends a transaction triggering contract for auditing, if the auditing is that the data owner remotely outsources the data set, if the auditing verification is successful, the contract pays the auditing expense deducted once from the guarantee fund of the data owner to the cloud service provider;
when the entity initiating the audit is the user U, if the audit verification is successful, the contract deducts the fees from the guarantee sum of the U and pays the fees to the cloud service provider and the data owner respectively;
when a data owner initiates a dynamic audit transaction, if the audit is successful, the contract pays the dynamic audit expense which is deducted once from the guarantee fund of the data owner to a cloud service provider; if the audit verification is not successful or malicious behaviors of other entities appear, deducting a certain amount of guarantee fund of the entity account to other innocent entities, wherein the deduction amount is determined by the audit service price initiated by the entity account.
Adopt the produced beneficial effect of above-mentioned technical scheme to lie in:
(1) the invention constructs a distributed remote outsourcing data auditing mechanism based on a block chain. The mechanism writes a core auditing algorithm into remote outsourcing data of an EtherFang intelligent contract auditing data owner, and simultaneously ensures the integrity and privacy of the remote outsourcing data by using a random value (Nonce), a delay function, a BLS signature and a bilinear pairing technology of a latest block in a block chain.
(2) The invention assumes that the CSP can randomly delete the low-access-frequency remote outsourcing data block, and extracts the challenge data block by using a PPS method aiming at the situation, thereby improving the probability of extracting the medium-access low-access-frequency data block. In a primary sampling stage, the mechanism selects the access frequency of a data block as auxiliary information to group a data set, and improves the probability of low access frequency grouping in a sampling process; and in the second sampling stage, the grouping extracted in the primary stage is selected as a sample, and data blocks are extracted by adopting a random method to form a challenge set. The challenge data set in the mechanism can be covered to the low-access-frequency data block with higher probability, and the auditing efficiency is improved.
(3) The invention saves the deposit of DO (namely data owner), user and CSP (namely cloud service provider) through intelligent contract, and pays the deposit in DO account as service charge to CSP according to audit period dynamic stage aiming at DO remote outsourcing data audit condition; paying the guarantee money in the user account as service cost to the CSP and the DO according to the access times under the condition that the user authorizes to access the DO outsourcing data stored in the CSP; for an entity initiating a malicious behavior, the deposit in the entity account is paid to innocent entities as a penalty fee.
Drawings
FIG. 1 is a schematic diagram of the system architecture of the present invention;
FIG. 2 is a schematic diagram of the method of the present invention;
FIG. 3 is a comparison of homomorphic authentication tag times;
FIG. 4 is a time chart of challenge data generation;
FIG. 5 is a time comparison plot of aggregate evidence;
FIG. 6 is a graph comparing audit times;
FIG. 7 is a Gas marketing diagram;
FIG. 8 is a graph showing the comparison of error probability detected by CSP random erasure data block, random sampling and PPS;
FIG. 9 is a graph of CSP erasure of DO-less frequently used data blocks, random sampling versus PPS detected error probability.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a schematic structural diagram of an auditing system, which includes four entities:
DO, namely an owner of remote outsourced data, outsources and stores the data into a cloud server in order to solve the problem of insufficient local storage space;
the CSP, namely a manager of the cloud server, has enough computing resources and storage space to store and maintain remote outsourcing data of DO;
the audit contract is a computer program which can be automatically executed and is stored on a block chain, is deployed in the intelligent contract of the Ethernet workshop and audits remote outsourcing data in the CSP;
the user, who is the entity granted access right by the DO, allows to pay for access to the remote outsourced data of the DO, and can also pay for enjoying other data services provided by the CSP.
And the DO extracts the challenge data block by using a PPS method, so that the probability of extracting the middle and low access frequency data block is improved. To support the PPS method, the PPS-AM is pre-processed by sorting the data blocks according to their access frequency, generating a new data set comprising the data block access frequency and the logical ID. When DO is ready to transmit outsourced data to the CSP through the Internet, firstly, the DO carries out blocking processing on the outsourced data to obtain a data block set, calculates homomorphic verifiable signatures of each data block, and sends the data block set and the homomorphic verifiable signature set to the CSP after calculation; secondly, the DO initiates a transaction, and an audit contract is initialized by using an audit period, the number of challenge data blocks, the CSP address, the public key of the DO and the like as parameters. The CSP stores a data set sent by the DO, then regularly scans an audit contract according to an agreed audit period, if a new audit task is found, the CSP informs the DO to use a PPS method to extract a plurality of data block IDs in the new data set and push the data block IDs to the audit contract, and after the audit contract takes the IDs, challenge data is generated and sent to the CSP. And after receiving the aggregate evidence, the CSP calculates the aggregate evidence and calls an auditing algorithm in the contract to verify the aggregate evidence. Finally, the audit result is written into the block chain for people to review. When the user wants to read the remote outsourcing data of the DO, the user needs to obtain the access right granted by the DO and then interacts with the CSP to obtain the target data. In order to ensure the practicability and fairness of audit, the DO, the CSP and the user all place a certain amount of guarantee fund in an audit contract, and the guarantee fund can not only pay service cost, but also be used as a means to punish an entity with malicious behavior in a mechanism.
And (3) threat model: it is assumed in the mechanism that CSP, DO and user are all "semi-honest" entities. Driven by some benefits, the CSP can remove some DO remote outsourcing data and launch the audit common attacks mentioned above; DO and the user may deny the audit result, \ 35820and the sink CSP may not legally store outsourced data or provide correct data in an attempt to pay no or little for the CSP's service. Assuming that the performers miners auditing the transactions are "honest and curious" entities, they will attempt to compute the remote outsourced data block content by the aggregate evidence sent by the CSP, revealing the DO data, as they package the audit transaction.
Based on the auditing method of the system, fig. 2 shows the whole process of the method, which specifically comprises the following steps:
s1.setup _ DO (initialization parameter): DO selects the random key pair sskSpk, random numbers α and u, where α ∈ Zp,u∈G1. The private key sk of DO is { α, ssk }, and the public key pk is { g, u, v, spk }, where v is gα,v∈G2
S2.AuditPara _ DO (AuditPara _ DO): DO divides the data set M outsourced to the cloud server into n data blocks M ═ Mi}i∈[1,n]. The dataset is processed using the DatasetformPPS _ DO algorithm and the CumulativeTabledorPPS _ DO algorithm to generate an accumulation table in preparation for PPS sampling.
The DO then computes a homomorphic verifiable signature for each data block using the private key α:
Figure BDA0002725850290000081
obtaining a homomorphic verifiable signature set of M:
Φ={σi}i∈[1,n]
after the DO sends data { M, phi } to the CSP, audit parameters { CSPAddr, StorTime, AudInterval, ChalNum, pk } are integrated to generate a transaction triggering audit contract, wherein CSPAddr is the address of a DO remote outsourcing data server; StorTime is the time of remote outsourcing data storage; AudInterval is an auditing period, a specific auditing time point can be calculated according to StorTime and AudInterval contract, and remote outsourcing data can be automatically audited periodically; ChalNum is the number of challenge data blocks; pk is the DO public key.
S3. DOconstractor _ SmartCon (initialize DO object in audit contract): as shown in Algorithm 1, is a payable function that indicates that the contract can accept and store the deposit.
Figure BDA0002725850290000082
The DO sends related parameters and a certain amount of electronic money to trigger the algorithm, the algorithm function is to initialize a DO object in an audit contract, and the DO data structure is as follows:
Figure BDA0002725850290000091
s4, CSPSetUp _ SmartCon (initializing CSP object in audit contract): as shown in algorithm 2, this is a payable function. The algorithm is triggered by the CSP and the function of the algorithm is to store the deposit sent by the CSP into the corresponding object account, wherein CSPBalances represents the balance of the CSP account.
Figure BDA0002725850290000092
S5.genchallenge _ SmartCon (generating audit challenge): this is a function in the audit contract, triggered by the DO, as shown in Algorithm 3, which functions to generate an audit challenge. And after the DO receives an audit request initiated by the CSP, a challenge data block ID set is generated by using the PPSample _ DO, a contract algorithm GenChallenge _ SmartCon is triggered, the algorithm searches a corresponding DO object in the intelligent contract according to the DOAddr to obtain an attribute value of the DO object, checks whether the current time is accurate audit time, triggers whether the CSP address of the contract is a correct cloud server address, judges whether the current audit task state is a suspension state and judges whether a random number seed is legal, and if the check results are legal, the contract uses a pseudo-random number generator to generate an audit challenge for the DO object.
Figure BDA0002725850290000093
Figure BDA0002725850290000101
S6.proofgen _ CSP (generating evidence of aggregation): the algorithm is performed by the CSP and functions to generate aggregated evidence from the challenge. The CSP receives a challenge set chal { (i, o)i) And finding a data block and a homomorphic verifiable signature corresponding to the challenge set, and calculating an aggregation evidence. To ensure the privacy of the data block, the CSP selects a random number l ∈ ZpCalculating the random number evidence Rand ∈ G1For destroying data certificatesAccording to the linear characteristic, anyone can not calculate the content of the challenge data block according to the data evidence.
Rand=wl=(uα)l
CSP uses (Rand, l, o)i,mi) Data evidence μ is calculated:
Figure BDA0002725850290000102
CSP calculates signature evidence sigma and hash evidence respectively according to the following formula
Figure BDA0002725850290000107
Figure BDA0002725850290000103
Figure BDA0002725850290000104
Finally, the CSP sends the aggregate evidence
Figure BDA0002725850290000106
And triggering an audit contract to finish the audit.
S7, audio _ SmartCon (Auditing aggregation evidence): this is the algorithm deployed in the smart contract triggered by the CSP to audit the aggregated evidence, as shown in algorithm 4. The algorithm uses the MissionSelect parameter to distinguish between periodic and non-periodic audits. In the periodic audit, the algorithm determines whether the CSP address triggering the contract is the server address stored in the DO object. If the address is the correct address, the number of the audit tasks in the DO object is added with 1, and then bilinear pair properties are used for calculating and judging whether the left end and the right end of the audit equation are equal. If the data is equal to the data, indicating that the audit is successful, the algorithm changes the current audit state in the DO object into success, deducts a certain amount of guarantee money of the DO account and pays the guarantee money to the CSP as storage cost; otherwise, the CSP does not correctly store the remote outsourcing data, the algorithm changes the current audit state of the DO object into exception, and deducts a certain amount of guarantee money of the account of the CSP to the DO.
Figure BDA0002725850290000105
Figure BDA0002725850290000111
In the non-periodic audit, the algorithm obtains a user object U according to the user address, checks whether the CSP address triggering the contract is the CSP address of the data which the U wants to read, and checks whether the DO address which is stored in the U and grants the access authority is the DO address in the algorithm parameters. And if the checks are legal, the algorithm audits the remote outsourcing data block read by the U. The audit is successful, and as storage and data cost, a certain amount of guarantee money in U is deducted to pay to CSP and DO. And (4) when the audit fails, deducting a certain amount of guarantee money of the CSP to the U and the DO. And finally, issuing the contract auditing result to a block chain, so that anyone can see the auditing flow and result to realize transparent auditing.
S8. audiouser _ DO (access authorization): the algorithm is executed by the DO and the function is to grant access to the user. DO uses the user unique identifier nameuserCalculate its access tag:
Tuname=nameuser||ssigssk(nameuser)
and will TunameAnd sending the data to the user and the CSP to indicate that the user has been granted remote outsourcing data access right.
S9. userseetup _ SmartCon (user object in the initialization audit contract): as shown in Algorithm 5, this is a payable function, triggered by the user, which is a function of initializing user objects in the contract.
Figure BDA0002725850290000121
The data structure is as follows:
Figure BDA0002725850290000122
the inputs to the algorithm are a challenge consisting of the data block label and the corresponding random value to be read by the user, the target DO address and the target CSP address. The contract stores a certain amount of guarantee money of the user, can be paid to DO and CSP as service cost, and can also be used as a punishment means for defending the malicious behavior of the user.
S10.proofgendo _ CSP (generating aggregated evidence of user about request data): and after receiving the DO remote outsourcing data reading request and the corresponding challenge information of the user, the CSP verifies the access right of the user. If the verification is passed, the CSP calculates an aggregate evidence proof from the challenge datauThe specific process of calculating evidence is the same as the algorithm proofGen _ CSP, and proof is sentuAnd triggering an Auditing _ SmartCon algorithm in an audit contract to audit the aggregation evidence.
The data set pre-processing includes two methods, performed by the DO. The first method is to generate a data set M consisting of DO remote outsourcing data access interval time and logic IDlocalThe data set is saved locally as a sample of the PPS primary sample. Remote outsourced data set M ═ M with the input being DO1,m2,…,mnThe output is MlocalThe specific algorithm is as follows:
Figure BDA0002725850290000123
Figure BDA0002725850290000131
the second algorithm function is to generate an accumulation table for the PPS method. The input being the minimum interval time fminMaximum interval time fmazAnd step size of segmentation, the output being an accumulation table TcumThe specific algorithm is as follows:
Figure BDA0002725850290000132
the cumulative table structure generated by algorithm 7 is as follows:
Figure BDA0002725850290000133
Figure BDA0002725850290000141
the PPS sampling method mainly has the functions of extracting challenge data block ID and inputting an algorithm into a data set MlocalCumulative table TcumN and m, the output is a data set IChal of size n m containing the data block ID. In the preliminary sampling stage, the algorithm uses the PPS method to extract the cumulative table TcumExtracting n units as primary sample samples; and a second sampling stage, extracting m remote outsourced data block IDs from the n units extracted in the primary stage by using a random sampling method. The specific algorithm is as follows:
Figure BDA0002725850290000142
the method also adopts a guarantee gold mechanism. In the mechanism, firstly, the DO determines the guarantee amount stored in a contract according to the size of a data set to be outsourced to the CSP, outsourcing time and audit price; the CSP determines the guaranteed amount deposited in the contract according to the DO guaranteed amount; the user determines the amount of money to be deposited in the contract according to the read amount of the remote outsourced data and the service prices of the CSP and the DO. Secondly, the CSP sends a transaction triggering contract, and the contract executes an Auditing-SmartCon algorithm for Auditing; when the algorithm audits the DO remote outsourcing data set (MissionSelect ═ true), if the audit verification is successful, the contract deducts the audit cost price once from the guarantee fund of the DOauditPayment to the CSP; when the entity initiating the audit is user U (missing select), if the audit verification is successful, the contract will deduct the cost price from the guarantee fund of URtoCSPAnd priceRtoDOPaying to CSP and DO, respectively. Thirdly, when DO initiates dynamic audit transaction, if audit is successful, contract deducts one time dynamic audit cost price from DO depositdynamicPaid to the CSP. Fourthly, if the audit verification is not successful or malicious behaviors of other entities appear, deducting a certain amount of guarantee fund of the entity account to other innocent entities, wherein the amount of the deduction guarantee fund is determined by the price of the audit service initiated by the entity.
Figure BDA0002725850290000151
Figure BDA0002725850290000161
The performance of the protocol of the invention was evaluated experimentally as follows:
4 computers are selected for building a system prototype in the experiment, and DO, cloud storage service, an ether house and a user are simulated respectively. The computer performance was Intel (R) core (TM) i7-4710HQ, frequency 2.50GHz processor, 8GB RAM, operating system Ubuntu. And writing corresponding algorithms of the DO end, the user end and the CSP end by using a python language, and writing an audit contract by using a solidity language. Experiments homomorphic verifiable signatures of data blocks were calculated using alt _ bn128 elliptic curves, hash values of data blocks were calculated using SH3-Keccak256 algorithm and MHT was constructed. Part of the aggregate evidence generated by CSP is group G1The element in (1) is required to be in group G1In the middle operation, the other part of the aggregated evidence is G2The element in (1) does not need arithmetic operation, so that the open source library solcpyto is introduced into an audit contract to realize the group G1The above operation generates parameters around two ends of the audit equation. To perform the final audit verification in the intelligent contract, the experiment invokes a precompiled contract that supports alt _ bn128 elliptic curve related operations, auditing the remote outsourced data block with bilinear pairs of properties in the environment of an Ethernet Virtual Machine (EVM). Since 460 data blocks are extracted when the amount of the DO remote outsourcing data block damaged by CSP is not less than 1% of the total amount of the DO remote outsourcing data blockThe challenge data blocks can audit out the malicious behaviors of the CSP with a probability of 99.9%, so the experiment assumes that the CSP destroys 1% of remote outsourcing data, and selects 100 and 600 challenge data blocks to detect the BSC-DAM performance.
Protocols 3P-PDP and DHT-PA using different data structures in experimental evaluation were compared with the present invention.
(1) And (3) experimental evaluation: data block homomorphic verifiable signature computation cost
FIG. 3 is a specific time taken to compute a homomorphic verifiable signature, which is a process that comparatively consumes computational resources throughout the mechanism. As can be seen from the figure, the time to compute a homomorphic verifiable signature grows linearly with the increasing number of data blocks. The computational complexity of the homomorphic verifiable signature algorithm of the invention and 3P-PDP is basically the same, but they are superior to DHT-PA.
(2) And (3) experimental evaluation: challenge data set computational cost
Fig. 4 is the time of calculating the challenge data set according to the present invention, and it can be seen that the time of generating the data set does not change much with the increase of the challenge data blocks, fluctuating up and down at 33 milliseconds.
(3) And (3) experimental evaluation: aggregate evidence and audit validation calculation costs
FIG. 5 is the time it takes to compute aggregate evidence, which grows linearly as the number of challenge data blocks increases. However, the aggregation evidence is calculated more time than the DHT-PA and 3P-PDP mechanisms, and the main reason is that the mechanism increases the calculation amount compared with the DHT-PA and 3P-PDP mechanisms respectively
Figure BDA0002725850290000171
Figure BDA0002725850290000172
And (cExp)G+cMulG)。
Fig. 6 is the time taken for audit verification, and it can be seen that the mechanism computation cost increases linearly with the increase of challenge data, and although the present invention is computationally less intensive, it still takes more time than the other two schemes. This is because writing the audit verification algorithm of the present invention into the intelligent contract requires a certain configuration time and mining time, but the gap gradually decreases as the audit data blocks increase.
(4) And (3) experimental evaluation: GAS consumption
Fig. 7 is Gas consumption for an audit data block. As can be seen from the figure, auditing 100- > 600 blocks of data, Gas grows from 427412 to 494412, but Gas does not exceed the limit number of one transaction. However, in batch auditing, the amount of DO processed for one transaction is limited due to Gas limitations. Through calculation, a batch processing algorithm in the contract can simultaneously process 500 audit requests initiated by DO in batches, the number of challenge data blocks of each request is 460, the consumed Gas is 582717, and if the contract wants to process audit requests with more DO, the contract needs to split the requests into a plurality of blocks and then trigger a plurality of transactions to realize audit.
(5) And (3) experimental evaluation: detecting CSP delete DO data probability
The data set size of the DO outsourced to the CSP is assumed to be n, k is the number of data blocks deleted by the CSP, c is the number of challenge data blocks, and X is a discrete random variable, which represents the number of challenge data blocks required for detecting the malicious behavior of the CSP deleting the DO data blocks. PXTo challenge the probability that at least one of the data blocks c is deleted by the CSP, then:
Figure BDA0002725850290000173
since (n-j-k)/(n-j) ≧ n-j-1-k)/(n-j-1), it can be concluded: 1- ((n-j-k)/(n-j))c≤PX≤1-((n-j-1-k)/(n-j-1))c
If the CSP deletes k data blocks among n data blocks, PXRepresenting the probability of challenging the c blocks of data to detect malicious behavior such as CSP. When k is fixed, the TPA can audit the malicious behavior of the CSP according to a certain probability through the aggregation evidence of the c data blocks, and the probability is independent of n. For example: if the CSP deletes 1% of the total number of data blocks, the TPA only needs 300 challenge data blocks to audit with a 95% probabilityIn this case, 460 data blocks were selected to obtain correct verification results with a probability of 99.9%. Assuming that the DO has 10000 data blocks to be outsourced to the cloud server (n is 10000), the CSP randomly deletes 100 data blocks, that is, 1% of the total number of the remote outsourced data blocks.
As shown in fig. 8, the experiment uses both PPS and random sampling to extract the challenge data block c. The abscissa in the figure is the number of data blocks of the challenge, and the ordinate is the probability P that the extracted data at least contains one CSP malicious deleted data blockX. Under the condition of a certain number of deleted data blocks, the probability P is increased along with the increase of the challenge data blocksXGradually increasing at a gradual rate. When c is 100, randomly sampling the corresponding PX59.8 percent of PPS and 60.5 percent of PPS; when c is 400, randomly sampling the corresponding PX97.6% and 98.3% PPS; when c is 500, P of random sampling and PPSXAll are 100%. It can be concluded that in the case of CSP random deletion of data blocks, P is calculated using PPS to extract several challenge data blocksXP calculated by extracting as many data blocks as random sampling methodXAre substantially the same.
FIG. 9 is a comparison of error probability detected by PPS method using random sampling in case of CSP deleting DO low frequency remote outsourced data block, and compared with FIG. 8, under this condition, the error probability detected by PPS method is significantly higher than that of random sampling, especially its advantage is more obvious when small amount of data is extracted, and when c is 100, P of PPSX78% and randomly 57%; when c is 150, the detection error rates of PPS and random sampling are respectively 0.89% and 78%; when c is 200, the detection error rate of the PPS and the random sampling is increased to 97% and 88%, the detection probability of the PPS and the random sampling is gradually close to each other with the increasing of the challenge data block, when c is 350, the detection error rate of the PPS reaches 100%, the random sampling is 96%, and when c is 500, the detection probability of the random sampling reaches 100%. As can be seen from the figure and these data, in the case that the CSP deletes the DO low-access-frequency remote outsourced data block, the PPS extracts the data block with higher probability of being maliciously deleted than the random sampling method.
The invention can realize the following functional indexes:
(1) public auditing: any entity that has computing experience and computing power and is trusted by the DO can audit the remote outsourced data of the DO without a copy of the data.
(2) And (3) automatic audit at regular intervals: when the audit period is reached, the CSP will initiate an audit request.
(3) Distributed audit: the intelligent contract audits remote outsourcing data to realize distributed audit.
(4) And (4) storage safety: after the CSP maliciously corrupts the outsourced data blocks, legitimate aggregate evidence cannot be forged from these corrupted data blocks.
(5) High efficiency: ensuring that the same accuracy as the normal audit protocol is achieved using fewer challenge data blocks.
(6) Privacy protection: miners cannot obtain the data block content by calculating a plurality of aggregation evidences of the same data block, and the outsourcing data of DO is leaked.
(7) Fair and transparent: the auditing process and the auditing result are disclosed, and any party cannot deny the auditing result.
The invention can realize the following safety indexes:
(1) data correctness: only the correct outsourced data block and the corresponding signature can pass the audit, and the DO outsourced data is ensured to be correctly stored in the CSP.
(2) Data privacy protection: in the whole auditing process, the miners cannot know the content of the outsourcing data block.
In a word, the core auditing algorithm is written into the remote outsourcing data of an Ethernet intelligent contract auditing data owner, and meanwhile, the integrity and the privacy of the remote outsourcing data are ensured by using the random value, the delay function, the BLS signature and the bilinear pairing technology of the latest block in a block chain. Aiming at the condition that the CSP can randomly delete the low-access-frequency remote outsourcing data block, the method uses the PPS method to extract the challenge data block, and improves the probability of extracting the medium-access low-access-frequency data block. The invention designs a guarantee fund mechanism, saves the guarantee fund of DO, users and CSP by using an intelligent contract, realizes paid design and can punish entities initiating malicious behaviors.

Claims (5)

1. A distributed remote outsourcing data auditing system is characterized by being realized based on an Ethernet workshop and comprising a data owner, a cloud service provider, a user and an auditing contract; wherein:
the data owner extracts the challenge data block by using an unequal probability sampling method based on a probability proportional scale sampling method, and improves the probability of extracting the data block with the medium and low access frequencies, wherein in the preprocessing stage of the probability proportional scale sampling method, the data owner sorts the data block according to the access frequency of the data block, and a new data set containing the access frequency of the data block and the logic ID is generated; when a data owner prepares to transmit outsourced data to the cloud service provider through the Internet, firstly, the data owner divides the outsourced data into blocks to obtain a data block set, calculates homomorphic verifiable signatures of each data block, and sends the data block set and the homomorphic verifiable signature set to the cloud service provider after calculation is finished; secondly, the data owner initiates a transaction, and an audit contract is initialized by using an audit period, the number of challenge data blocks, the address of a cloud service provider and a public key of the data owner as parameters;
the cloud service provider stores a data set sent by a data owner, then regularly scans an audit contract according to an agreed audit period, if a new audit task is found, the cloud service provider informs the data owner to extract a plurality of data block IDs in a new data set by using a probability proportional scale sampling method and push the data block IDs to the audit contract, and after the ID is taken by the audit contract, challenge data is generated and sent to the cloud service provider; after receiving the challenge data, the cloud service provider calculates an aggregation evidence and invokes an auditing algorithm in a contract to verify the aggregation evidence; finally, the audit result is written into the block chain for people to look up;
when a user wants to read remote outsourced data of a data owner, the user must firstly obtain access authority granted by the data owner, and then interact with a cloud service provider to obtain target data; in order to ensure the practicability and fairness of audit, a data owner, a cloud service provider and a user all need to place a certain amount of guarantee fund in an audit contract, wherein the guarantee fund is used for paying service cost or punishing an entity with malicious behavior in a mechanism.
2.A distributed remote outsourcing data auditing method, applied to the system of claim 1, comprising the steps of:
s1, initializing parameters: the data owner selects a random key pair { ssk, spk }, random numbers α and u, where α ∈ ZpG and u ∈ G1The private key sk of the data owner is { α, ssk }, and the public key pk is { g, u, v, spk }, where v is gα,v∈G2,G1And G2Two multiplication cyclic groups with prime order p, G is the generator of G1, e is G1 XG 1 → G2 is bilinear pairwise mapping, Z ispIs a set of non-negative integers less than p, H (·) {0,1}*→G1Is mapped to G1A secure hash function of (c), h (-) G1→ZpIs a one-time hash function;
s2, auditing pretreatment: the data owner divides a data set M outsourced to the cloud server into n data blocks M ═ Mi}i∈[1,n](ii) a Preprocessing a data set, mainly dividing the data set into two parts, wherein the first part is to extract the ID and the access interval time of a data block, sort the data block according to the access interval time and keep the data block to the local; the second part is to generate an accumulation table according to the access interval time of the data block to prepare for sampling by a probability proportional scale sampling method; after the data set preprocessing is completed, the data owner calculates a homomorphic verifiable signature for each data block using the private key α:
Figure FDA0002725850280000021
obtaining a homomorphic verifiable signature set Φ ═ σi}i∈[1,n](ii) a After a data owner sends data { M, phi } to a cloud service provider, audit parameters { CSPAddr, StorTime, AudInterval, ChalNum, pk } are integrated, a transaction triggering audit contract is generated, a data owner object in the contract is initialized, wherein CSPAddr is the address of a data owner remote outsourcing data server, StorTime is the time of remote outsourcing data storage, Aunterval is the audit weekCalculating a specific auditing time point according to StorTime and AudInterval contracts, and automatically auditing remote outsourced data periodically, wherein ChalNum is the number of challenge data blocks, and pk is a public key of a data owner;
s3, initializing a data owner object in an audit contract: triggered by the data owner, the contract can accept and store the deposit; the data owner sends related parameters and a certain amount of electronic money to trigger the initialization process;
s4, initializing a cloud service provider object in an audit contract: triggered by the cloud service provider, storing the deposit sent by the cloud service provider into the corresponding object account;
s5, generating an audit challenge: the method comprises the following steps that a data owner receives an audit request initiated by a cloud service provider, and then samples and extracts a specific number of data block IDs by using a probability proportional scale sampling method, so that a challenge data block ID set is generated; and secondly, after a data owner generates a challenge data block ID set, triggering a corresponding method in an audit contract, searching a corresponding data owner object in the audit contract according to the address of the data owner to obtain an attribute value of the data owner object, checking whether the current time is accurate audit time, whether the address of a cloud service provider triggering the contract is a correct cloud server address, whether the current audit task state is a suspended state and whether a random number seed is legal, and if the check results are legal, generating an audit challenge chal { (i, o) for the data owner object by the audit contract by using a pseudo-random number generatori) Where i denotes the challenge data block id, oiRepresenting a corresponding random value;
s6, generating a polymerization evidence: cloud service provider receives audit challenge chal { (i, o)i) Finding a data block and a homomorphic verifiable signature corresponding to the audit challenge, and calculating an aggregation evidence; in order to ensure the privacy of the data block, the cloud service provider selects a random number l to belong to ZpCalculating random number evidence Rand ═ wl=(uα)l,Rand∈G1Linear features for breaking evidence of data, furthermore, cloud service provider uses (Rand, l, o)i,mi) MeterCalculating data evidence mu ═ sigmachal oi·mi+ l.h (rand), calculating the signature evidence
Figure FDA0002725850280000022
And hashed evidence
Figure FDA0002725850280000023
Finally, the cloud service provider sends the aggregated evidence
Figure FDA0002725850280000024
Triggering an audit contract to finish auditing;
s7, auditing the aggregation evidence: in the periodic audit, judging whether the address of a cloud service provider triggering the contract is a server address stored in a data owner object, if the address is a correct address, adding 1 to the number of audit tasks in the data owner object, then calculating the property by utilizing bilinearity, judging whether the left end and the right end of an audit equation are equal, indicating that the audit is successful, changing the current audit state in the data owner object into success, and deducting a certain amount of guarantee money of a data owner account to be paid to the cloud service provider as storage cost; otherwise, the cloud service provider does not correctly store the remote outsourcing data, the current audit state of the object of the data owner is changed into exception by the algorithm, and a certain amount of guarantee money of the account of the cloud service provider is deducted to the data owner;
in non-periodic audit, obtaining a user object U according to a user address, checking whether a cloud service provider address triggering a contract is a cloud service provider address of data which the U wants to read, and checking whether a data owner address which is stored in the U and grants an access right is a data owner address in an algorithm parameter; if the check is legal, auditing the remote outsourcing data block read by the user successfully, deducting a certain amount of guarantee money in the user to pay to a cloud service provider and a data owner as storage and data cost, and deducting a certain amount of guarantee money from the cloud service provider to a U and the data owner if the audit fails; finally, issuing the audit result to a block chain to realize transparent audit;
s8, access authorization: data owner uses user unique identifier nameuserCalculate its access tag Tuname=nameuser||ssigssk(nameuser) And will TunameSending the data to a user and a cloud service provider to show that the user is granted remote outsourcing data access authority;
s9, initializing user objects in the audit contract: the object is used for storing a certain amount of guarantee money of the user, paying the guarantee money to a data owner and a cloud service provider as service cost, or defending the malicious behavior of the user as a punishment means;
s10, generating an aggregation evidence of the user about the request data: after receiving a user data reading owner remote outsourcing data request and corresponding challenge information, the cloud service provider verifies the user access authority, and if the user access authority passes the verification, the cloud service provider calculates an aggregation evidence proof according to the challenge datauThe concrete process of calculating evidence is the same as step (7), and proof is sentuAnd triggering an Auditing _ SmartCon method in an audit contract to audit the aggregation evidence.
3. The distributed remote outsourcing data auditing method according to claim 2, characterized in that the accumulation table in step S2 is generated in a manner that:
counting the access interval time of each data block according to a fixed step length fintervThe minimum value f of all access interval timesminTo a maximum value fmazIs divided into a plurality of segments; for each segment, calculating the accumulated sum of all the interval times; for the first segment, the accumulation range is the range from the starting time to the accumulation sum time, and for the next segment, the accumulation range is the range from the accumulation sum time of the previous segment to the accumulation sum time of the current segment, wherein the accumulation sum time of the previous segment is + 1; thus, an accumulation table T containing correspondence of segment, accumulation sum and accumulation range is generatedcum
4. The distributed remote outsourcing data auditing method according to claim 3, characterized in that in step S5, the specific way of sampling and extracting a certain number of data block IDs by using a probability proportional scale sampling method is as follows:
setting two positive integers n and m, and using probability proportional scale sampling method to obtain the result from the accumulation table TcumExtracting n segments as primary sample samples; then all data block IDs corresponding to the n segments are found in the relation table, and m data block IDs are extracted from the data block IDs by using a random sampling method to serve as challenge data blocks.
5. The distributed remote outsourcing data auditing method according to claim 4, characterized in that in step S7, the data owner determines the guaranteed amount of money to be deposited into the contract according to the size of the data set to be outsourced to the cloud service provider, the outsourcing time and the auditing price; the cloud service provider determines the guaranteed amount deposited into the contract according to the guaranteed amount of the data owner; the user determines the guaranteed amount of money deposited in the contract according to the read remote outsourcing data quantity and the service prices of the cloud service provider and the data owner;
the cloud service provider sends a transaction triggering contract for auditing, if the auditing is that the data owner remotely outsources the data set, if the auditing verification is successful, the contract pays the auditing expense deducted once from the guarantee fund of the data owner to the cloud service provider;
when the entity initiating the audit is the user U, if the audit verification is successful, the contract deducts the fees from the guarantee sum of the U and pays the fees to the cloud service provider and the data owner respectively;
when a data owner initiates a dynamic audit transaction, if the audit is successful, the contract pays the dynamic audit expense which is deducted once from the guarantee fund of the data owner to a cloud service provider; if the audit verification is not successful or malicious behaviors of other entities appear, deducting a certain amount of guarantee fund of the entity account to other innocent entities, wherein the deduction amount is determined by the audit service price initiated by the entity account.
CN202011102464.5A 2020-10-15 2020-10-15 Distributed remote outsourcing data auditing method Active CN112261020B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011102464.5A CN112261020B (en) 2020-10-15 2020-10-15 Distributed remote outsourcing data auditing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011102464.5A CN112261020B (en) 2020-10-15 2020-10-15 Distributed remote outsourcing data auditing method

Publications (2)

Publication Number Publication Date
CN112261020A true CN112261020A (en) 2021-01-22
CN112261020B CN112261020B (en) 2022-05-17

Family

ID=74243206

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011102464.5A Active CN112261020B (en) 2020-10-15 2020-10-15 Distributed remote outsourcing data auditing method

Country Status (1)

Country Link
CN (1) CN112261020B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113285812A (en) * 2021-07-26 2021-08-20 西南石油大学 Cloud storage self-auditing method based on SGX and Ether house block chain
CN113422688A (en) * 2021-08-19 2021-09-21 西南石油大学 Rapid auditing method for cloud storage data
CN113672956A (en) * 2021-08-20 2021-11-19 山东大学 Localized differential privacy protection method and system for numerical distribution calculation
CN117454433A (en) * 2023-12-22 2024-01-26 北京天润基业科技发展股份有限公司 Transaction processing method and device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105243320A (en) * 2015-10-26 2016-01-13 上海易码信息科技有限公司 Authentication method of cloud service platform on mobile application program
CN105516340A (en) * 2015-12-30 2016-04-20 中国农业大学 Cloud storage data recoverability verification method and system
CN108494738A (en) * 2018-02-27 2018-09-04 华南理工大学 A kind of rear Quantum Electronics ballot system that can verify that and its implementation
CN109525403A (en) * 2018-12-29 2019-03-26 陕西师范大学 A kind of anti-leakage that supporting user's full dynamic parallel operation discloses cloud auditing method
CN109829326A (en) * 2018-11-20 2019-05-31 西安电子科技大学 Cross-domain certification and fair audit duplicate removal cloud storage system based on block chain
CN110147994A (en) * 2019-04-13 2019-08-20 山东公链信息科技有限公司 A kind of instant execution method of the block chain based on homomorphic cryptography
CN110677487A (en) * 2019-09-30 2020-01-10 陕西师范大学 Outsourcing data duplicate removal cloud storage method supporting privacy and integrity protection
CN111222176A (en) * 2020-01-08 2020-06-02 中国人民解放军国防科技大学 Block chain-based cloud storage possession proving method, system and medium
CN111275406A (en) * 2020-02-13 2020-06-12 布比(北京)网络技术有限公司 Block chain transaction contract auditing method and device, computer equipment and storage medium
CN111355705A (en) * 2020-02-08 2020-06-30 西安电子科技大学 Data auditing and safety duplicate removal cloud storage system and method based on block chain

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105243320A (en) * 2015-10-26 2016-01-13 上海易码信息科技有限公司 Authentication method of cloud service platform on mobile application program
CN105516340A (en) * 2015-12-30 2016-04-20 中国农业大学 Cloud storage data recoverability verification method and system
CN108494738A (en) * 2018-02-27 2018-09-04 华南理工大学 A kind of rear Quantum Electronics ballot system that can verify that and its implementation
CN109829326A (en) * 2018-11-20 2019-05-31 西安电子科技大学 Cross-domain certification and fair audit duplicate removal cloud storage system based on block chain
CN109525403A (en) * 2018-12-29 2019-03-26 陕西师范大学 A kind of anti-leakage that supporting user's full dynamic parallel operation discloses cloud auditing method
CN110147994A (en) * 2019-04-13 2019-08-20 山东公链信息科技有限公司 A kind of instant execution method of the block chain based on homomorphic cryptography
CN110677487A (en) * 2019-09-30 2020-01-10 陕西师范大学 Outsourcing data duplicate removal cloud storage method supporting privacy and integrity protection
CN111222176A (en) * 2020-01-08 2020-06-02 中国人民解放军国防科技大学 Block chain-based cloud storage possession proving method, system and medium
CN111355705A (en) * 2020-02-08 2020-06-30 西安电子科技大学 Data auditing and safety duplicate removal cloud storage system and method based on block chain
CN111275406A (en) * 2020-02-13 2020-06-12 布比(北京)网络技术有限公司 Block chain transaction contract auditing method and device, computer equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
YUJUE WANG;QIANHONG WU;BO QIN;WENCHANG SHI;ROBERT H. DENG;JIANKU: "Identity-Based Data Outsourcing With Comprehensive Auditing in Clouds", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》 *
王慧; 王励成; 柏雪; 刘清华; 沈晓鹰: "区块链隐私保护和扩容关键技术研究", 《西安电子科技大学学报》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113285812A (en) * 2021-07-26 2021-08-20 西南石油大学 Cloud storage self-auditing method based on SGX and Ether house block chain
CN113422688A (en) * 2021-08-19 2021-09-21 西南石油大学 Rapid auditing method for cloud storage data
CN113672956A (en) * 2021-08-20 2021-11-19 山东大学 Localized differential privacy protection method and system for numerical distribution calculation
CN113672956B (en) * 2021-08-20 2023-09-22 山东大学 Localized differential privacy protection method and system for numerical distribution calculation
CN117454433A (en) * 2023-12-22 2024-01-26 北京天润基业科技发展股份有限公司 Transaction processing method and device
CN117454433B (en) * 2023-12-22 2024-02-23 北京天润基业科技发展股份有限公司 Transaction processing method and device

Also Published As

Publication number Publication date
CN112261020B (en) 2022-05-17

Similar Documents

Publication Publication Date Title
CN112261020B (en) Distributed remote outsourcing data auditing method
Di Francesco Maesa et al. Data-driven analysis of bitcoin properties: exploiting the users graph
CN106875254B (en) Android malicious application program control method based on block chain technology
CN107342867B (en) Signature verification method and device
CA2854966C (en) Fraud analyst smart cookie
US20080010678A1 (en) Authentication Proxy
CN108009445B (en) Semi-centralized trusted data management system
CN111898360A (en) Text similarity detection method and device based on block chain and electronic equipment
US20160260089A1 (en) Secure account management using tokens
CN112132577B (en) Multi-supervision transaction processing method and device based on block chain
WO2019177788A1 (en) Detecting alterations of journal data structures
Holmes et al. A framework for live host-based Bitcoin wallet forensics and triage
EP2477137A1 (en) Method for verifying the integrity of a set of data
CN109919767B (en) Transaction risk management method, device and equipment
CN113505161A (en) Service query and verification method based on big data and cloud computing
Hanoymak et al. A glance at blockchain technology and cryptocurrencies as an application
Sanjay et al. Security and Privacy Trade-Off in Cryptocurrencies: An Implementation of Blockchain Technology
CN116596535B (en) Transaction payment method, device, equipment and storage medium based on blockchain
CN117171720B (en) Data attribution right identification system and method based on behavior fingerprint
US20220188829A1 (en) Transaction verification of distributed ledgers
Diadia et al. Review of Dematerialization Models and Systems in Public Procurement
Wijaya et al. Securing digital evidence information in bitcoin
CN201163420Y (en) Safety internet bank equipment
Sharmila et al. An Operative Application of Distributed Ledger Technology for Banking Domain
Ahamed et al. Validating product correctness of persistent itemset mining as a service prototype

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant